| author | liuxueli <[email protected]> | 2021-09-08 17:20:05 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2021-09-08 17:20:05 +0800 |
| commit | c67f8195f55fc8872e4708963a94500d571b05d0 (patch) | |
| tree | a6caef4b30bba9c060ebbba135727c647a66238a /src | |
| parent | 033f935e75e0db839a19c47595b0420e5a114186 (diff) | |
TSG-7682: 解析加密SNI异常导致SAPP重启
Diffstat (limited to 'src')
| -rw-r--r-- | src/gquic_process.cpp | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp index bce6600..f74ec57 100644 --- a/src/gquic_process.cpp +++ b/src/gquic_process.cpp @@ -15,6 +15,7 @@ #include "quic_analysis.h" #include "parser_quic.h" + int is_iquic(enum _QUIC_VERSION quic_version) { switch(quic_version) @@ -707,7 +708,7 @@ int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _c { case GQUIC_VERSION_Q041: *used_len+=1; // unknown - case GQUIC_VERSION_Q044: + //case GQUIC_VERSION_Q044: message_tag=(unsigned int)ntohl(*(unsigned int *)(payload+*used_len)); *used_len+=4; @@ -1056,15 +1057,31 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream * get_value(payload, &used_len, 32); //Random skip_len=(int)get_value(payload, &used_len, 1); //Session ID length + if(!check_length(payload_len-used_len, skip_len)) + { + return flags; + } used_len+=skip_len; skip_len=(int)get_value(payload, &used_len, 2); //Ciper Suites length + if(!check_length(payload_len-used_len, skip_len)) + { + return flags; + } used_len+=skip_len; skip_len=(int)get_value(payload, &used_len, 1); //Compression Methods + if(!check_length(payload_len-used_len, skip_len)) + { + return flags; + } used_len+=skip_len; extension_total_len=(int)get_value(payload, &used_len, 2); //Extension length + if(!check_length(payload_len-used_len, extension_total_len)) + { + return flags; + } quic_stream->ext_tags=(quic_tlv_t *)dictator_malloc(pstream->threadnum, sizeof(quic_tlv_t)*3); memset(quic_stream->ext_tags, 0, sizeof(quic_tlv_t)*3); @@ -1073,6 +1090,11 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream * { ext_type=get_value(payload, &used_len, 2); //Extension type skip_len=get_value(payload, &used_len, 2); //length + if(!check_length(payload_len-used_len, skip_len)) + { + return flags; + } + switch(ext_type) { case EXTENSION_SERVER_NAME: 
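Review bot: In the version switch of gquic_frame_type_stream, `//case GQUIC_VERSION_Q044:` is left behind as commented-out code, so a reader cannot tell whether Q044 was removed from this path on purpose or which branch is meant to handle it now. I would delete the line and put the reason in a short comment instead. The 4-byte `message_tag` read that follows dereferences `payload+*used_len` with no length check visible in this hunk; if none exists earlier in the function, it needs the same kind of bound this commit adds in parse_encrypt_client_hello. The function body starts and ends outside the hunk.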
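Review bot: Each added `check_length` call in parse_encrypt_client_hello validates the skip that follows a length field, but the field itself (and the 32-byte Random before it) is still fetched by `get_value` before anything confirms those bytes lie inside `payload_len`. A ClientHello truncated inside a length field would still be read past its end unless `get_value` does its own bounds check, which is not visible here. I would guard each read first, for example `if(!check_length(payload_len-used_len, 2)) return flags;` ahead of the two-byte reads (assuming the first argument is the remaining byte count), or pass the remaining length into `get_value`. The same ordering applies in the extension loop (hunk at -1073), where four header bytes are consumed before the new check. The function body starts and ends outside both hunks.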
@@ -1120,7 +1142,7 @@ int parse_decrypt_quic(struct streaminfo *pstream, struct _quic_context* _contex
 _context->quic_info.client_hello=(struct _quic_stream *)dictator_malloc(pstream->threadnum, sizeof(struct _quic_stream));
 memset(_context->quic_info.client_hello, 0, sizeof(struct _quic_stream));
 }
- ret=parse_encrypt_client_hello(pstream, _context->quic_info.client_hello, a_packet, payload+*used_len, payload_len); //Frame Type=1, offset=1, length=2
+ ret=parse_encrypt_client_hello(pstream, _context->quic_info.client_hello, a_packet, payload+*used_len, payload_len-*used_len); //Frame Type=1, offset=1, length=2
 if(ret>0 && _context->call_business)
 {
 state=quic_callPlugins(pstream, _context, (void *)(_context->quic_info.client_hello), sizeof(void *), QUIC_CLIENT_HELLO_MASK, a_packet);
@@ -1183,7 +1205,7 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int
 ret=parse_gquic_Q046(pstream, _context, a_packet, (char *)udp_detail->pdata, udp_detail->datalen, &used_len);
 break;
 default:
- if(is_gquic>=GQUIC_VERSION_Q001 && is_gquic<=GQUIC_VERSION_Q043)
+ if(is_gquic>=GQUIC_VERSION_Q001 && is_gquic<=GQUIC_VERSION_Q046)
 {
 ret=gquic_proc_unencrypt(pstream, _context, a_packet, (char *)udp_detail->pdata, udp_detail->datalen, &used_len);
 } |
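Review bot: `payload_len-*used_len` is passed to parse_encrypt_client_hello in parse_decrypt_quic with no visible check that `*used_len` does not exceed `payload_len`, so a short packet could hand the parser a negative length, or a very large one if the types are unsigned, and the new `check_length` calls would then compare against that value. A guard before the call, `if(*used_len>=payload_len)` followed by this function's usual failure return, would keep the remaining length meaningful. The function starts and ends outside the hunk, so an earlier bound may already exist.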
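Review bot: The widened upper bound `GQUIC_VERSION_Q046` in the `default:` branch of quic_process looks unreachable for Q046 itself, since the case just above already dispatches to `parse_gquic_Q046` (its label is outside the hunk, so this is inferred). The effective change appears to be that the versions between Q043 and Q046 now reach `gquic_proc_unencrypt`, which also matches the Q044 label being commented out in gquic_frame_type_stream. I would add a comment on the `if` naming the versions that are meant to land here, or use the last intended version as the bound. The range test also depends on the enum values being contiguous and ordered, which is not visible on this page.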
